The US national law firm Hinshaw & Culbertson, which has an extensive legal malpractice and professional liability practice group, is now leveraging IntApp Wall Builder and IntApp Activity Tracker from IntApp Inc to satisfy the access control and audit requirements of the 2013 HIPAA Omnibus Rule.
As of January 17, 2013, the US Department of Health and Human Services announced that the new HIPAA Omnibus Rule holds those law firms that act as Business Associates, or interact with protected health information (PHI), directly liable for compliance with the HIPAA Security Rule and Privacy Rule (press release). These rules mandate that access to and use of PHI must be restricted to a “minimum necessary” standard, with access restrictions documented and verified using activity monitoring technology. In turn, many organizations are currently revising their information management policies and practices to achieve compliance. Formal enforcement begins September 23, 2013.
“As our firm advises multiple peer law firms on issues relating to professional responsibility and risk management, we considered it imperative to focus our own HIPAA compliance efforts to maintain the excellent standard of care we deliver to our clients,” said Steve Puiszis, Assistant General Counsel, Hinshaw & Culbertson. “IntApp Wall Builder and IntApp Activity Tracker play a central role in our HIPAA compliance strategy, as technical controls that enable us to secure and track matters containing PHI without disrupting lawyer productivity or collaboration.”
IntApp Wall Builder is a web-based information security and confidentiality management software application that enables organizations to centrally control and report on user access permissions across multiple applications, including document management, accounting, portal, CRM, time entry and records management systems. It also automates notifications to individuals subject to specific policies and tracks acknowledgments for compliance purposes. IntApp Activity Tracker supplements these security capabilities by monitoring how lawyers and staff use sensitive information. It notifies management of suspect activities so that firms can resolve potential problems before they become crises or compliance violations.
“IntApp Activity Tracker will not only enable our firm to address the audit requirements of the HIPAA Security Rule, but also alert my team of any abnormal access to sensitive documents that may signal a pending lateral lawyer departure,” said Jim Devereux, Director of Information Technology, Hinshaw & Culbertson. “Activity Tracker is a must have for law firms looking to mitigate information risk and verify compliance with access policies and procedures.”